Tried add entity_add functionality but not working.

[ameygat]

I am trying to add more functionality to the YetiApi class. When I tried the get entity it worked, but for adding a entity it gives error

ERROR:root:An error occurred (500):

Any pointers towards this would be welcome, There was no documentation of json values of entity object so I did a get entity and used similar json object in entity_add

Following are my functions added to api.py

    def entity_details(self, id):
        """Get details on an entity.
        Args:
            id: A string representing the entity's ObjectID

        Returns:
            JSON representation of the requested entity
        """
        return self._make_get("entity/{}".format(id))

    def entity_add(self, name,etype,description,aliases=[], tags=[],context={},source="API"):
        """Add an entity to the dataset

        Args:
            name: the name of entity
            etype: type of entity ('Actor','TTP' etc)
            description: description of Entity
            tags: An array of strings representing tags
            context: A dictionary object with context information
            source: A string representing the source of the data. Defaults to
                   "API".

        Returns:
            JSON representation of the created observable.
        """
        json = {
            'description':description,
            'tags':tags,
            'aliases':aliases,
            'type':etype,
            'name':name,
            'context':context,
            'source':source
        }

        return self._make_post('entity/', json=json)

[tomchop]

Have you tried running the webserver in dev mode? This will give you a full stack trace and it will be much easier to narrow down the error.

[ameygat]

I ran the server with $python yeti.py webserver I saw following error in consol when entity post call was made: Where json data sent to api was

{'aliases': ['testalias1', 'testalias2'], 'context': {}, 'description': 'This is test description of a actor', 'name': 'Test1', 'source': 'API', 'tags': ['testtag1', 'testtag2'], 'type': 'Actor'}

python yeti.py webserver
[+] Database version is synced with code.
[+] Yeti started. Point browser to http://localhost:5000/
Filter: {} {}
[2017-09-22 01:15:20,253] ERROR in app: Exception on /api/entity/ [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python2.7/dist-packages/flask_classy.py", line 200, in proxy
    response = view(**request.view_args)
  File "/opt/yeti/core/web/helpers.py", line 32, in inner
    return f(*args, **kwargs)
  File "/opt/yeti/core/web/api/crud.py", line 131, in new
    obj = self.objectmanager(**params).save()
  File "/usr/local/lib/python2.7/dist-packages/mongoengine/base/document.py", line 77, in __init__
    raise FieldDoesNotExist(msg)
FieldDoesNotExist: The fields "set([u'source', u'type', u'context', u'aliases'])" do not exist on the document "Entity"

When I saw the error saying fields does not exist in the entity I remove all those fields and ran with new json data as follows

{'name': 'Test1', 'tags': ['testtag1', 'testtag2'], 'description': 'This is test description of a actor'}

This json was accepted and added as entity but issue is I want to add a Entity as actor and if I can not give the type of Entity then Entity does not get added to the Actors.

Could some one Please provide some guidance as how can I add entity as Actor / TTP / Exploit etc.

[ameygat]

@tomchop Any thing from your side ? Can put some light on this matter ?

[tomchop]

Right, so it according to this line: FieldDoesNotExist: The fields "set([u'source', u'type', u'context', u'aliases'])" do not exist on the document "Entity" It seems that you're trying to add an Entity with those fields, which does not match the model defined in Yeti.

POSTing to /entity is the right(ish—see below) way to go, but you need a JSON object that matches what Yeti expects. I know that the documentation is very light on what is expected, but the best way to know is to create an entity via the UI and then GET the JSON representation of it.

Also, it seems that you're creating an Entity object when you actually want sub-objects (Actor, Malware, etc.). You'll have to manually set the _cls attribute in your request. Also, you'll have to set fields according to entity.py and actor.py (if what you want to add is an actor).

[Kirtar22]

@ameygat - did you manage to get the Entity added to Yeti? for me, even adding entity with minimal parameters also not working.

ERROR:root:An error occurred (500): http://localhost:5000/api/entity/